Description
Added a management bot for issue + pr comments to allow for better labelling
Progress:
- [x] /add_label(s)
- [x] /remove_label(s)
- [ ] Ability to "wait for reply" and dynamically set labels
Dependency Review
The following issues were found:
- ✅ 0 vulnerable package(s)
- ✅ 0 package(s) with incompatible licenses
- ✅ 0 package(s) with invalid SPDX license definitions
- ⚠️ 1 package(s) with unknown licenses.
See the Details below.
License Issues
.github/management_bot/pulumi/requirements.txt
| Package | Version | License | Issue Type |
|---|---|---|---|
| pulumi-aws | >= 6.0.2, | Null | Unknown License |
OpenSSF Scorecard
| Package | Version | Score | Details |
|---|---|---|---|
| pip/pulumi | >= 3.0.0, | :green_circle: 6.3 | see per-check table below |
| pip/pulumi-aws | >= 6.0.2, | Unknown | Unknown |
| actions/actions/checkout | 2.*.* | :green_circle: 7.1 | see per-check table below |
| actions/actions/setup-python | 2.*.* | :green_circle: 6.1 | see per-check table below |
| actions/actions/upload-artifact | 2.*.* | :green_circle: 6.7 | see per-check table below |

Details for pip/pulumi (score 6.3):

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | :green_circle: 10 | all changesets reviewed |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :green_circle: 8 | 5 out of the last 5 releases have a total of 5 signed artifacts. |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 9 | binaries present in source code |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :warning: 0 | 11 existing vulnerabilities detected |

Details for actions/actions/checkout (score 7.1):

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 7 | 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Pinned-Dependencies | :green_circle: 3 | dependency not pinned by hash detected -- score normalized to 3 |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Security-Policy | :green_circle: 9 | security policy file detected |
| SAST | :green_circle: 9 | SAST tool detected but not run on all commits |
| Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected |

Details for actions/actions/setup-python (score 6.1):

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :green_circle: 9 | security policy file detected |
| SAST | :green_circle: 9 | SAST tool is not run on all commits -- score normalized to 9 |
| Vulnerabilities | :warning: 0 | 12 existing vulnerabilities detected |

Details for actions/actions/upload-artifact (score 6.7):

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 8 | Found 7/8 approved changesets -- score normalized to 8 |
| Maintained | :green_circle: 10 | 22 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Pinned-Dependencies | :warning: 1 | dependency not pinned by hash detected -- score normalized to 1 |
| Security-Policy | :green_circle: 9 | security policy file detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Vulnerabilities | :green_circle: 7 | 3 existing vulnerabilities detected |
Scanned Manifest Files
.github/management_bot/pulumi/requirements.txt
- pulumi@>= 3.0.0,
- pulumi-aws@>= 6.0.2,
.github/workflows/management_bot_lambda.yml
- actions/checkout@2.*.*
- actions/setup-python@2.*.*
- actions/upload-artifact@2.*.*